The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2021-10-08T15:15:36.568963Z

Updated: 2024-09-17T03:33:55.956Z

Reserved: 2021-09-22T00:00:00

Link: CVE-2021-41566

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-08T16:15:07.947

Modified: 2024-11-21T06:26:26.480

Link: CVE-2021-41566

cve-icon Redhat

No data.